Certified in Risk and Information Systems Control (CRISC) — Question 650
To communicate the risk associated with IT in business terms, which of the following MUST be defined?
Answer options
- A. Risk appetite of the organization
- B. Compliance objectives
- C. Organizational objectives
- D. Inherent and residual risk
Correct answer: C
Explanation
Defining organizational objectives is crucial because it aligns IT risk with the overall goals of the business, which makes the impact of that risk easier to communicate. Risk appetite, compliance objectives, and inherent and residual risk are important, but they do not directly relate to the overarching business objectives that guide the organization.